CVE-2025-28389

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-28389

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-28389.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-28389

Published

2025-06-13T14:15:21.010Z

Modified

2025-11-16T15:26:10.450951Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack.

References

Affected packages

Git / github.com/openc3/cosmos

Affected ranges

Type: GIT
Repo: https://github.com/openc3/cosmos
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

6e0d24067e57572254471e0460bcc10931740c40

Affected versions

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.1.1

v3.1.2

v3.2.0

v3.2.1

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.4.0

v3.4.1

v3.4.2

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.7.0

v3.7.1

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.9.0

v3.9.1

v3.9.2

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.1.0

v4.1.1

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.3.0

v4.4.0

v4.4.1

v4.4.2

v4.5.0

v5.*

v5.0.0

v5.0.0-alpha.1

v5.0.0-beta.1

v5.0.0.beta2

v5.0.1

v5.0.10

v5.0.11

v5.0.2

v5.0.2-beta2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.1.0

v5.1.1

v5.10.0

v5.10.1

v5.11.0

v5.11.1

v5.11.2

v5.11.3

v5.12.0

v5.13.0

v5.14.0

v5.14.1

v5.14.2

v5.15.0

v5.15.1

v5.15.2

v5.16.0

v5.16.1

v5.16.2

v5.17.0

v5.17.1

v5.18.0

v5.19.0

v5.2.0

v5.20.0

v5.3.0

v5.4.0

v5.4.1

v5.4.2

v5.4.3-beta0

v5.5.0

v5.5.0-beta0

v5.5.1

v5.5.2

v5.5.2-beta0

v5.6.0

v5.6.1

v5.7.0

v5.7.2

v5.8.0

v5.8.1

v5.9.0

v5.9.1

v6.*

v6.0.0